Fixing CSP for iOS9

touchstonejs · Dec 3, 2015 · 73b6937 · 73b6937
1 parent 3bf201b
commit 73b6937
Showing 1 changed file with 2 additions and 6 deletions.
diff --git a/src/index.html b/src/index.html
@@ -12,12 +12,8 @@
 			* Enable inline JS: add 'unsafe-inline' to default-src
 	-->
 	<head>
-		<!--- Debug CSP -->
-		<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' * 'unsafe-inline'; img-src * data:; connect-src *; style-src 'self' 'unsafe-inline';">
-
-		<!--- Production CSP
-		<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src * data:; connect-src *; style-src 'self' 'unsafe-inline';">
-		-->
+		<!--- CSP -->
+		<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: script-src style-src 'self' 'unsafe-inline'; media-src *">
 
 		<link rel="stylesheet" type="text/css" href="css/app.css">
 		<title>Touchstonejs Demo</title>